Quarkus - Kubernetes Client

    Having a Kubernetes Client extension in Quarkus is very useful in order to unlock the power of Kubernetes Operators.Kubernetes Operators are quickly emerging as a new class of Cloud Native applications.These applications essentially watch the Kubernetes API and react to changes on various resources and can be used to manage the lifecycle of all kinds of complex systems like databases, messaging systems and much much more.Being able to write such operators in Java with the very low footprint that native images provide is a great match.

    Once you have your Quarkus project configured you can add the kubernetes-client extensionto your project by running the following command in your project base directory.

    /mvnw quarkus:add-extension -Dextensions="kubernetes-client"

    1. <dependency>
    2.     <groupId>io.quarkus</groupId>
    3.     <artifactId>quarkus-kubernetes-client</artifactId>
    4. </dependency>

    Usage

    Quarkus configures a Bean of type KubernetesClient which can be injected into application code using the well known CDI methods.This client can be configured using various properties as can be seen in the following example:

    1. quarkus.kubernetes-client.trust-certs=false
    2. quarkus.kubernetes-client.namespace=default

    Note that the full list of properties is available in the class.

    An example of this can be seen in the following snippet:

    1. @ApplicationScoped
    2. public class KubernetesClientProducer {
    4.     @Produces
    5.     public KubernetesClient kubernetesClient() {
    6.         // here you would create a custom client
    7.         return new DefaultKubernetesClient();
    8.     }
    9. }

    To make testing against a mock Kubernetes API extremely simple, Quarkus provides the KubernetesMockServerTestResource which automatically launchesa mock of the Kubernetes API server and sets the proper environment variables needed so that the Kubernetes Client configures itself to use said mock.Tests can inject the mock and set it up in any way necessary for the particular testing using the @MockServer annotation.

    Let’s assume we have a REST endpoint defined like so:

    We could write a test for this endpoint very easily like so:

    1. @QuarkusTestResource(KubernetesMockServerTestResource.class)
    2. @QuarkusTest
    3. public class KubernetesClientTest {
    5.     @MockServer
    6.     KubernetesMockServer mockServer;
    8.     @BeforeEach
    9.     public void before() {
    10.         final Pod pod1 = new PodBuilder().withNewMetadata().withName("pod1").withNamespace("test").and().build();
    11.         final Pod pod2 = new PodBuilder().withNewMetadata().withName("pod2").withNamespace("test").and().build();
    13.         mockServer.expect().get().withPath("/api/v1/namespaces/test/pods")
    14.                 .andReturn(200,
    15.                         new PodListBuilder().withNewMetadata().withResourceVersion("1").endMetadata().withItems(pod1, pod2)
    16.                                 .build())
    17.                 .always();
    19.     @Test
    20.     public void testInteractionWithAPIServer() {
    21.         RestAssured.when().get("/pod/test").then()
    22.                 .body("size()", is(2));
    23.     }
    25. }

    Note that to take advantage of these features, the quarkus-test-kubernetes-client dependency needs to be added, for example like so:

    1. <dependency>
    2.     <groupId>io.quarkus</groupId>
    3.     <artifactId>quarkus-test-kubernetes-client</artifactId>
    4.     <scope>test</scope>
    5. </dependency>

    Note on implementing the Watcher interface

    1. client.pods().watch(new Watcher<Pod>() {
    2.     @Override
    3.     public void eventReceived(Action action, Pod pod) {
    4.         // do something
    5.     }
    7.     @Override
    8.     public void onClose(KubernetesClientException e) {
    9.         // do something
    10.     }
    11. });

    or

    Note that defining the generic type via a class hierarchy similar to the following example will also work correctly:

    1. public abstract class MyWatcher<S> implements Watcher<S> {
    2. }
    4. ...
    7. client.pods().watch(new MyWatcher<Pod>() {
    8.     @Override
    9.     public void eventReceived(Action action, Pod pod) {
    10.         // do something
    11.     }
    12. });
    1. public class ResourceWatcher<T extends HasMetadata> implements Watcher<T> {
    2.     @Override
    3.     public void eventReceived(Action action, T resource) {
    4.     }
    6.     @Override
    7.     public void onClose(KubernetesClientException e) {
    8.         // do something
    9.     }
    10. }
    12. client.pods().watch(new ResourceWatcher<Pod>());

    In many cases in order to access the Kubernetes API server a ServiceAccount, Role and RoleBinding will be necessary.An example that allows listing all pods could look something like this:

    1. ---
    2. apiVersion: v1
    3. kind: ServiceAccount
    4. metadata:
    5.   name: <applicationName>
    6.   namespace: <namespace>
    7. ---
    8. apiVersion: rbac.authorization.k8s.io/v1
    9. kind: Role
    10. metadata:
    12.   namespace: <namespace>
    13. rules:
    14.   - apiGroups: [""]
    15.     resources: ["pods"]
    16.     verbs: ["list"]
    17. ---
    18. apiVersion: rbac.authorization.k8s.io/v1
    19. kind: RoleBinding
    20. metadata:
    21.   name: <applicationName>
    22.   namespace: <namespace>
    23. roleRef:
    24.   kind: Role
    25.   name: <applicationName>
    26.   apiGroup: rbac.authorization.k8s.io
    27. subjects:
    28.   - kind: ServiceAccount
    29.     name: <applicationName>
    30.     namespace: <namespace>

    Replace <applicationName> and <namespace> with your values.Have a look at to get further information.

    Configuration Reference

    Configuration property fixed at build time - ️ Configuration property overridable at runtime